The Financial Conduct Authority issued record anti-money laundering fines in 2025, sending an unequivocal signal to the financial services sector: AML compliance failures will be met with severe consequences. Money services businesses and payment institutions were among the most heavily penalised firm types. This article examines why AML enforcement has intensified, what specific failures are attracting fines, and what firms can do to avoid becoming the next enforcement case.
Why AML Enforcement Has Intensified
Several factors are driving the FCA's more aggressive AML enforcement posture. First, the payments and MSB sectors have grown rapidly, creating a larger regulated population with varying compliance maturity. Second, high-profile money laundering cases involving UK-regulated firms have increased political and public pressure on the FCA to demonstrate effective supervision. Third, the FCA's investment in data analytics has improved its ability to identify firms with weak AML controls through pattern analysis of SAR filing rates, complaint data and supervisory intelligence.
The FCA has also adopted a more proactive enforcement strategy. Rather than waiting for evidence of actual money laundering, the regulator is taking action against firms whose systems and controls are inadequate — even where no specific money laundering has been proven. This "systems and controls" approach means that any firm with a deficient AML framework is potentially at risk of enforcement action.
Most Common AML Failures
Customer due diligence. Firms that fail to conduct adequate CDD — including identity verification, beneficial ownership identification and risk assessment — at onboarding and on an ongoing basis. The FCA expects CDD to be proportionate to the risk presented by the customer, with enhanced due diligence applied to higher-risk customers.
Transaction monitoring. Monitoring systems that are inadequate for the firm's business model — including rules that are too narrow, thresholds that are too high, and coverage gaps for particular transaction types or corridors. The FCA expects monitoring to be calibrated to the firm's specific risk profile and regularly reviewed.
Suspicious activity reporting. Failure to submit SARs in a timely manner, submission of SARs without adequate supporting information, and failure to identify reportable activity despite clear indicators. The FCA analyses SAR filing rates as a supervisory indicator — firms with anomalously low filing rates relative to their business volume and risk profile attract attention.
Risk assessment. Business-wide and customer-level risk assessments that are generic rather than tailored to the firm's specific business model, customer types, geographies and transaction patterns.
How to Strengthen Your AML Framework
- Conduct an independent AML framework review. Engage a qualified external reviewer to assess your AML framework against FCA expectations and current enforcement themes. Internal assessments often miss blind spots.
- Tailor your risk assessment. Your business-wide risk assessment must reflect your firm's actual business — the specific customer types you serve, the geographies you operate in, the products you offer and the delivery channels you use.
- Calibrate transaction monitoring. Review your monitoring rules and thresholds against current typologies and your firm's actual transaction patterns. Test the effectiveness of your monitoring system regularly.
- Invest in CDD quality. Ensure that CDD processes are thorough, consistent and documented. Implement ongoing monitoring to detect changes in customer behaviour or risk profile.
- Report promptly. Ensure that SARs are filed promptly when suspicious activity is identified, with adequate supporting information. Train staff on recognition of suspicious indicators and escalation procedures.
- Document and evidence. Maintain comprehensive records of all AML activities, decisions and risk assessments. In enforcement proceedings, the quality of documentation is critical.
What MSBs Should Do Now
Money services businesses face heightened scrutiny due to the inherent risks of their business model. MSBs should prioritise independent AML framework testing, enhanced due diligence for high-risk corridors, source of funds verification and regular staff training updates.
Regulatory Counsel advises MSBs and payment firms on AML framework development, independent testing and enforcement risk mitigation. Contact us for a free initial consultation.
Frequently Asked Questions
Growth in the payments and MSB sectors, political pressure following high-profile cases, improved FCA data analytics, and a proactive enforcement approach targeting inadequate systems and controls.
Yes. The FCA can take enforcement action for inadequate AML systems and controls, regardless of whether actual money laundering has been proven.
Inadequate customer due diligence and generic risk assessments that are not tailored to the firm's specific business model and risk profile.
Through independent framework reviews, tailored risk assessments, calibrated transaction monitoring, prompt SAR filing and comprehensive documentation.